From 1a9e93cc81dbae55743c0dafae4bd6ac8241e8a3 Mon Sep 17 00:00:00 2001 From: Sascha Hauer Date: Wed, 12 Dec 2012 14:55:40 +0100 Subject: drivers/base: fix corrupt device tree MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit dev_add_child is a very unsafe function. If called multiple times it allows setting the same device to different parents thus corrupting the siblings list. This happens regularly since: | commit c2e568d19c5c34a05a1002d25280bf113b72b752 | Author: Jean-Christophe PLAGNIOL-VILLARD | Date: Sat Nov 3 16:11:05 2012 +0100 | | bus: add bus device | | automatically add it as parent of any bus device if none already specified | | we have now a nice output per bus If for example a FATfs is mounted this nice output per bus often ends with: > `---- fat0 > `---- 0 > `---- 0x86f0000087020031-0x86f000410df27124: /dev/ > `---- sram00 > `---- 0x00000000-0xffffffffffffffff: /dev/ > `---- 0x00000000-0xffffffffffffffff: /dev/ > unable to handle NULL pointer dereference at address 0x0000000c > pc : [<87f08a20>] lr : [<87f08a04>] > sp : 86eff8c0 ip : 87f3fbde fp : ffffffff > r10: ffffffff r9 : 00000000 r8 : 00000003 > r7 : 86f075b8 r6 : 00000002 r5 : ffffffec r4 : 86f07544 > r3 : 00000000 r2 : 43f900b4 r1 : 00000020 r0 : 00000005 > Flags: Nzcv IRQs off FIQs off Mode SVC_32 > [<87f08a20>] (do_devinfo_subtree+0x90/0x130) from [<87f08a90>] (do_devinfo_subtree+0x100/0x130) > > [<87f3e070>] (unwind_backtrace+0x0/0x90) from [<87f28514>] (panic+0x28/0x3c) > [<87f28514>] (panic+0x28/0x3c) from [<87f3e4b8>] (do_exception+0x10/0x14) > [<87f3e4b8>] (do_exception+0x10/0x14) from [<87f3e544>] (do_data_abort+0x2c/0x38) > [<87f3e544>] (do_data_abort+0x2c/0x38) from [<87f3e268>] (data_abort+0x48/0x60) This patch fixes this by adding a device to its parents children list in register_device so that dev_add_child is no longer needed. This function is removed from the tree. Now callers of register_device have to clearly set the parent *before* registering a device. Signed-off-by: Sascha Hauer Reported-by: Jan Lübbe --- drivers/w1/w1.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'drivers/w1') diff --git a/drivers/w1/w1.c b/drivers/w1/w1.c index 11b8320d12..d2f94c938d 100644 --- a/drivers/w1/w1.c +++ b/drivers/w1/w1.c @@ -413,7 +413,6 @@ static int w1_device_register(struct w1_bus *bus, struct w1_device *dev) dev->bus = bus; dev->dev.parent = &bus->dev; - dev_add_child(dev->dev.parent, &dev->dev); ret = register_device(&dev->dev); if (ret) @@ -600,10 +599,7 @@ int w1_bus_register(struct w1_bus *bus) strcpy(bus->dev.name, "w1_bus"); bus->dev.id = DEVICE_ID_DYNAMIC; - bus->dev.parent = bus->parent; - if (bus->parent) - dev_add_child(bus->parent, &bus->dev); ret = register_device(&bus->dev); if (ret) -- cgit v1.2.3